DEV Community: Oluwole Owoeye

Building Your Own Cloud: A Linux VPC Simulator with vpcctl

Oluwole Owoeye — Thu, 13 Nov 2025 09:37:14 +0000

Have you ever wondered how cloud providers like AWS or Azure create isolated, secure networks? This project, built entirely on native Linux kernel tools (like ip, brctl, and iptables), demonstrates a fully functional Virtual Private Cloud (VPC) environment on a single host. We built a custom command-line interface, vpcctl, to manage it all.

Project Overview & Architecture

The goal of this project was to replicate a cloud VPC's complex routing and security features without using any third-party virtualization software. The core of the architecture relies on three kernel primitives:

Component,Linux Implementation,Function
VPC (The Network),"Linux Bridge (vpc0, vpc1)","Acts as the central VPC Router, connecting all subnets."
Subnets,"Network Namespaces (web_ns, db_ns)",Provides complete network isolation for each subnet's hosts.
Connecting Cable,VETH Pairs (Virtual Ethernet),Links each Subnet (namespace) to the central VPC Router (bridge).

Security by Design: Security Groups & Isolation

Security is enforced at multiple levels to ensure the network is robust:

Deny by Default: Every subnet's firewall is initialized to DROP all traffic (iptables -P INPUT DROP), ensuring no unauthorized communication is possible.
Controlled Access: The JSON-based Security Policy (parsed by jq) explicitly defines which ports and protocols are allowed. For example, your db_ns only permits MySQL traffic (port 3306) from the authorized web subnet.
VPC Isolation: By default, two VPCs (vpc0 and vpc1) are completely isolated, enforcing the separation required for enterprise environments.

CLI Usage Examples (vpcctl)

The custom vpcctl.sh script automates the entire process. Here are the most critical commands:

Command Description Example
Create VPC  Creates a new VPC (Bridge), sets the router IP, and initializes the secure DROP policy. sudo ./vpcctl.sh create vpc vpc1 10.10.0.1/16 10.10.0.0/16
Add Subnet  Creates a namespace, links it to the VPC, and applies the JSON firewall policy. sudo ./vpcctl.sh add subnet web_ns 10.0.1.0/24 public vpc0
Peering Creates the VETH link, static routes, and host firewall rules required for controlled cross-VPC traffic.    sudo ./vpcctl.sh peer vpcs vpc0 10.0.0.0/16 vpc1 10.10.0.0/16
Enable NAT  Configures the host's iptables to provide Internet access via Masquerade.   sudo ./vpcctl.sh enable nat

Testing and Validation Steps

Validation proves the system works and obeys the security rules.

Test    Command Expected Result Requirement Verified
1. Subnet Routing   sudo ./vpcctl.sh test subnet_to_subnet web_ns db_ns SUCCESS (0% Loss)   Subnets within a VPC can communicate.
2. Firewall Enforcement sudo ip netns exec web_ns nc -zv 10.0.2.1 80 -w 2   FAILURE (Connection Refused)    Firewall rules block unauthorized traffic (Port 80 is denied by policy).
3. VPC Isolation    sudo ip netns exec web_ns ping -c 1 10.10.1.1   FAILURE (100% Loss) VPCs are fully isolated by default.
4. Final Peering    Requires adding iptables -I FORWARD 1... after peering. SUCCESS (0% Loss)   Controlled cross-VPC communication works after security exception.

Clean Up: Deleting All Resources

To ensure the host machine remains clean, the final step is to run the idempotent teardown command. This reliably removes all namespaces, bridges, custom VETH links, and firewall rules created during the project.

# Deletes all VPCs, subnets, and restores host firewall settings
sudo ./vpcctl.sh clean

My HNG12 Task -Stage 0

Oluwole Owoeye — Wed, 29 Jan 2025 13:34:18 +0000

This task contains installing and configuring nginx webserver, also, customizing the index.html page with the message "Welcome to DevOps Stage 0 - Oluwole Owoeye/wolecharles".

Actions taken to complete this task includes the following;

Create an ubuntu instance using AWS
launch and connect the instance
enter these commands

sudo apt-get update - to get patches up to date on ubuntu
sudo apt-get install nginx - to install nginx webserver
nginx -v - to confirm nginx is installed
sudo systemctl status nginx - to ensure nginx is ruunning

go to ip address of the server and confirm that nginx defult web page is shown

enter this command - cd /var/www/html will navigate to html

edit the index.html to your details
"Welcome to DevOps Stage 0 - yourname/slackusername"
use vi index.html to edit
quit and save
go to ip address of the server and confirm that customize web page is showing the details "Welcome to DevOps Stage 0 - yourname/slackusername"

Lesson learned;
I have learnt how to install and configure an nginx webserver using AWS ,also, customize html webpage .

AWS Solutions Architects https://hng.tech/hire/aws-solutions-architects
DevOps Engineers https://hng.tech/hire/devops-engineers

Linux User Creation Bash Script

Oluwole Owoeye — Wed, 03 Jul 2024 17:21:01 +0000

Introduction

We can use a Bash script to automate the creation of users and groups, set up home directories, generate random passwords, and log all actions.

Script Overview

The script we're going to discuss performs the following functions:

Create Users and Groups: Reads a file containing usernames and group names, creates the users and groups if they do not exist, and assigns users to the specified groups.

Setup Home Directories: Sets up home directories with appropriate permissions and ownership for each user.

Generate Random Passwords: Generates random passwords for the users and stores them securely.

Log Actions: Logs all actions to /var/log/user_management.log for auditing and troubleshooting.

Store Passwords Securely: Stores the generated passwords in /var/secure/user_passwords.csv with restricted access.

The Script

Here is the complete Bash script:

#!/bin/bash

LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.csv"

# Ensure /var/secure exists and has the correct permissions
mkdir -p /var/secure
chmod 700 /var/secure
touch "$PASSWORD_FILE"
chmod 600 "$PASSWORD_FILE"

# Function to log messages
log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}

# Function to generate random passwords
generate_password() {
    local password_length=12
    tr -dc A-Za-z0-9 </dev/urandom | head -c $password_length
}

# Function to add users, groups and set up home directories
setup_user() {
    local username=$1
    local groups=$2

    # Create the user
    # &>/dev/null
    if ! id -u "$username" &>/dev/null; then
        password=$(generate_password)
        useradd -m -s /bin/bash "$username"
        echo "$username:$password" | chpasswd
        log_message "User $username created."

        # Store the username and password
        echo "$username,$password" >> "$PASSWORD_FILE"
        log_message "Password for $username stored."
    else
        log_message "User $username already exists."
    fi

    # Create groups and add user to groups
    IFS=',' read -ra group_array <<< "$groups"
    for group in "${group_array[@]}"; do
        if ! getent group "$group" &>/dev/null; then
            groupadd "$group"
            log_message "Group $group created."
        fi
        usermod -aG "$group" "$username"
        log_message "Added $username to $group."
    done
    # Set up the home directory
    local home_dir="/home/$username"
    chown "$username":"$username" "$home_dir"
    chmod 700 "$home_dir"
    log_message "Home directory for $username set up with appropriate permissions."
}

# Main script
if [ $# -eq 0 ]; then
    log_message "Usage: $0 <input_file>"
    exit 1
fi

input_file=$1
log_message "Starting user management script."

# Read the input file and process each line
while IFS=';' read -r username groups; do
    setup_user "$username" "$groups"
done < "$input_file"

log_message "User management script completed."

Logging and Password File Setup

The script ensures that the /var/secure directory exists and has the appropriate permissions.
It creates the password file /var/secure/user_passwords.csv and ensures only the owner can read it.

mkdir -p /var/secure
chmod 700 /var/secure
touch "$PASSWORD_FILE"
chmod 600 "$PASSWORD_FILE"

Message_Log

The log_message function logs messages to /var/log/user_management.log with a timestamp.

log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}

password function

The generate_password function generates a random password of a specified length (12 characters in this case).

generate_password() {
    local password_length=12
    tr -dc A-Za-z0-9 </dev/urandom | head -c $password_length
}

User Setup Function

The setup_user function creates users, adds them to groups, sets up home directories with appropriate permissions, and logs each action. It also generates and stores passwords securely.

setup_user() {
    local username=$1
    local groups=$2

    # Create the user
    if ! id -u "$username" &>/dev/null; then
        password=$(generate_password)
        useradd -m -s /bin/bash "$username"
        echo "$username:$password" | chpasswd
        log_message "User $username created."

        # Store the username and password
        echo "$username,$password" >> "$PASSWORD_FILE"
        log_message "Password for $username stored."
    else
        log_message "User $username already exists."
    fi

Main Script

The main part of the script takes an input file as an argument, reads it line by line, and processes each line to create users and groups, set up home directories, and log actions.

if [ $# -eq 0 ]; then
    log_message "Usage: $0 <input_file>"
    exit 1
fi

This makes sure you run the script with an input_file, i.e input.txt

    input_file=$1
    log_message "Starting user management script."

Usage

To use this script, save it to a file (e.g., user_management.sh), make it executable, and run it as a root user with the path to your input file as an argument:

input.txt

    user1;group1,group2
    user2;group3,group4

on the Command Line(CMD) | Terminal

    chmod +x user_management.sh
    ./create_users.sh input.txt

Talents

HNG Internship
HNG Tech Premium